
[dokuwiki] Re: [SECURITY ALERT] problems in fetch.php

  • From: "Oliver Schulze L." <oliver@xxxxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Tue, 26 Sep 2006 23:52:16 -0400
Hi Andi,
many thanks for the updates and patches.

I wonder if you could add this patch:
http://wiki.splitbrain.org/wiki:tips:css_jss_cache_backport
to the current or next version.

Since there have been many releases of DW lately, I think it would be easy
to add these very simple/very useful patches.

Thanks
Oliver

Andreas Gohr wrote:
Hi all!

Another two vulnerabilities have been discovered in DokuWiki. Both are
mostly harmful for users of ImageMagick's convert utility only, but
should be quickly fixed by everyone.


The first one is a possible denial of service vulnerability caused by allowing images to be resized without limit. When libGD is used (default) the needed RAM is calculated beforehand and the function aborts if not enough RAM for the PHP process is available (typically 8 to 32MB). However if ImageMagick ($conf['imconvert']) is used, no such limit exists, allowing an attacker to potentially consume a lot of system resources.

More info and how to fix this is available at
http://bugs.splitbrain.org/?do=details&id=924


While examining this problem I discovered another, more serious one. The input parameters for width and height are not sanitized properly, which can be used by an attacker to introduce arbitrary shell commands into the ImageMagick command line. I was not able to exploit this with the default libGD option but all users should apply the fix as soon as possible anyway.

More info and how to fix this is available at
http://bugs.splitbrain.org/?do=details&id=926



Both problems are fixed in the new hotfixed tarball available at
http://www.splitbrain.org/go/dokuwiki

Andi


--
Oliver Schulze L.
Get my e-mail after a captcha test in: http://tinymailto.com/oliver

--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
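The two fetch.php issues Andi describes above come down to one pattern: request parameters reaching an external command line unchecked. The sketch below is an added example, not DokuWiki's own code and not the fix in the linked bug reports; the dimension cap, memory limit, bytes-per-pixel figure and function names are assumptions chosen for illustration. It contrasts naive string interpolation (where a width of `100;id` becomes a second shell command) with a version that accepts only bounded positive integers, does the kind of memory pre-check the message attributes to libGD, and builds an argv list so no shell ever parses the arguments.

```python
import re

# Illustrative code only; not DokuWiki's fetch.php. The limits are assumed values.
MAX_DIMENSION = 2000                      # hypothetical per-side cap in pixels
DEFAULT_MEMORY_LIMIT = 32 * 1024 * 1024   # a typical PHP memory_limit (32MB)
BYTES_PER_PIXEL = 4                       # rough RGBA truecolor bitmap estimate


class ResizeRejected(ValueError):
    """Raised when a resize request fails validation."""


def build_convert_cmd_vulnerable(src, dst, width, height):
    """The unsafe pattern: request parameters are interpolated unchecked into a
    single string that is later handed to a shell. A value such as "100;id"
    turns the tail of the line into a second shell command."""
    return f"convert -resize {width}x{height} {src} {dst}"


def parse_dimension(value, max_dim=MAX_DIMENSION):
    """Accept only a positive decimal integer no larger than max_dim.
    Anything else (shell metacharacters, whitespace, sign, empty string) is rejected."""
    if not isinstance(value, str) or not re.fullmatch(r"[1-9][0-9]{0,5}", value):
        raise ResizeRejected(f"dimension is not a positive integer: {value!r}")
    n = int(value)
    if n > max_dim:
        raise ResizeRejected(f"dimension {n} exceeds cap {max_dim}")
    return n


def estimated_bitmap_bytes(width, height):
    """The kind of pre-check libGD performs: RAM the uncompressed output would need."""
    return width * height * BYTES_PER_PIXEL


def build_convert_argv_hardened(src, dst, width, height,
                                max_dim=MAX_DIMENSION,
                                memory_limit=DEFAULT_MEMORY_LIMIT):
    """Validated dimensions, a memory pre-check, and an argv list so that no
    shell is involved when the command is run (e.g. subprocess.run without shell=True)."""
    w = parse_dimension(width, max_dim)
    h = parse_dimension(height, max_dim)
    need = estimated_bitmap_bytes(w, h)
    if need > memory_limit:
        raise ResizeRejected(f"{w}x{h} would need {need} bytes, limit is {memory_limit}")
    # src and dst are single argv entries: metacharacters in them are never interpreted.
    return ["convert", "-resize", f"{w}x{h}", src, dst]


if __name__ == "__main__":
    # Constructed request: an attacker supplies width "100;id".
    payload = "100;id"
    print(build_convert_cmd_vulnerable("in.png", "out.png", payload, "100"))
    try:
        build_convert_argv_hardened("in.png", "out.png", payload, "100")
    except ResizeRejected as err:
        print("rejected:", err)
    print(build_convert_argv_hardened("in.png", "out.png", "640", "480"))
```

The memory check alone would not stop the injection, and the integer check alone would not stop a legitimate-looking 10000x10000 request from exhausting a convert process that has no limit of its own; both checks are needed, which is why the message asks everyone to apply both fixes.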



